
Selecting MPLS VPN service providers

Considerations for selection.

As more service providers roll out their MPLS (Multiprotocol Label Switching) networks, most enterprises are moving away from an Internet/IPSec-based VPN to an MPLS VPN. The label-switching technology has some great benefits for VPNs, especially where QoS/CoS is desired. One of the biggest motivators is that keeping your traffic on a single vendor's network, as opposed to the hodgepodge Internet, allows the vendor to offer your company Service Level Agreements for network performance, unlike the "best effort" delivery of the Internet. So if you're considering a move to an MPLS VPN, consider some of these points in your vendor evaluation:

Internet Access: Most vendors allow you to connect your MPLS VPN directly to the Internet via a shared "Network Firewall". However, some of them restrict the traffic to outbound-initiated, while others allow you to establish an IPSec tunnel to the network firewall, then hop into your network. Still others allow inbound access through an encapsulated GRE tunnel that dumps off in front of another firewall you control.

The Full Mesh: While MPLS technology generally facilitates a full mesh of connectivity between all your sites, giving you "any-to-any" connectivity, this requires a single MPLS network. Some service providers have split their MPLS networks into geographic regions and you have to pay a little extra to get connectivity from one region to another. Without this, traffic from one location to another may be forced through a third site acting as a hub. This can unnecessarily complicate your routing, and it's inefficient.

Remember that MPLS-based VPNs aren't encrypted; they only separate your data from other customers' data logically. Your data shares the same physical path with other customers of the service provider, just like Frame Relay or any other WAN. Some vendors may offer additional services that allow you to encrypt your traffic. In fact, you may want to explore the possibility of using your existing IPSec VPN equipment to create permanent tunnels between sites over a new high-speed MPLS backbone to get the best of both worlds.


Thomas Alexander Lancaster IV is a consultant and author with over ten years' experience in the networking industry, focused on Internet infrastructure.

This was last published in January 2003
